[erlang-bugs] Too strict HTTP Status Line parsing

Sverker Eriksson <>
Wed Jun 2 12:09:38 CEST 2010


Alexander Zhuravlev wrote:
> Hello,
>
> I've tried to use lhttpc library (http://bitbucket.org/etc/lhttpc) to fetch
> a resource (http://www.qype.com/review/1376848) and got the following
> error:
>
> {{http_error,"HTTP/1.1 200\r\n"},
> 	[{lhttpc_client,read_response,5},
> 	{lhttpc_client,execute,8},
> 	{lhttpc_client,request,9}]} 
>
> I've checked lhttpc source code and found out that to receive and parse an HTTP
> response it uses _standard_ erlang module gen_tcp on a socket in
> {packet, http} mode. So it looks like the {http_error,"HTTP/1.1 200\r\n"} error was
> in fact generated by erlang's http packet parsing code.
>
> I found the following code in packet_parse_http function from
> erts/emulator/beam/packet_parser.c file:
>
> ...
> p0 = ptr;
> while (n && SP(ptr)) {
> 	ptr++; n--;
> }
> if (ptr==p0) return -1;
> ...
>
>   
A change to

if (ptr==p0 && n>0) return -1;

would do it, right?

/Sverker, Erlang/OTP

> As far as I understand "HTTP/1.1 200\r\n" line does not have any spaces
> after the status code "200", and the function strips \r\n as a first step of
> its operation. So the "while" cycle does not run and we get into the
> "if (ptr==p0) branch" this basically leads to returning of 
> {http_error, "HTTP/1.1 200\r\n"} atom up to the call stack.
>
> Strictly speaking this is not a bug in erlang, but I suppose it
> should take a more relaxed approach to HTTP Status Line parsing
> and not return http_error if an HTTP response Status Line does not have
> a Reason-phrase part.
>
> ________________________________________________________________
> erlang-bugs (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:
>
>   



More information about the erlang-bugs mailing list